Thanks Andrew!
These are good points! I was actually using an ECC key, but I did
another mistake.
As I was just trying out very quickly, I accidentally specified the
-tls1_2 option on the wrong position and didn't check the output. As
`openssl -tls1_2 s_client -cipher` terminates with status code 0, the
script's output was "works" for all cipher suites, hence I wrongly
assumed that it would be working.
Thanks again!
On Mon, 2013-10-07 at 13:05 -0400, Andrew Thompson wrote:
> On Mon, Oct 07, 2013 at 10:58:43AM +0200, Klaus Trainer wrote:
> > Ah, thanks, I've missed that!
> >
> > If I add -tls1_2 in my erl_ssl_check check-ciphers.sh script the test
> > passes for all cipher suites.
>> That doesn't work for me with openssl 1.0.1e. Also, I don't know how
> some of those ciphers could pass with the RSA keys you include in that
> repo. The ECDSA ciphers require an ECC key, as far as I know.
>> Andrew
> _______________________________________________
> erlang-bugs mailing list
>>http://erlang.org/mailman/listinfo/erlang-bugs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20131007/f90a1a00/attachment.bin>